MAINTAINER Instruction Being Used

• Query id: 99614418-f82b-4852-a9ae-5051402b741c
• Query name: MAINTAINER Instruction Being Used
• Platform: Dockerfile
• Severity: Low
• Category: Best Practices
• CWE: 710
• URL: Github

Description

The MAINTAINER instruction sets the Author field of the generated images. The LABEL instruction is a much more flexible version of this and you should use it instead, as it enables setting any metadata you require, and can be viewed easily
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file

FROM alpine:3.5
RUN apk add --update py2-pip
RUN pip install --upgrade pip
MAINTAINER "SvenDowideit@home.org.au"
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
CMD ["python", "/usr/src/app/app.py"]

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file

FROM alpine:3.5
RUN apk add --update py2-pip
RUN pip install --upgrade pip
LABEL maintainer="SvenDowideit@home.org.au"
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
CMD ["python", "/usr/src/app/app.py"]